on Aug 10, 2016Article Content
| Article Number | 000032850 |
| Applies To | RSA Product Set: Silver Tail RSA Product/Service Type: Mitigator - Silver Tail RSA Version/Condition: 3.0.2 EOPS Reached Platform: Linux |
| Issue | Can someone confirm if SilverTail has SSLv2 encryption enabled or if it is used for the application? If so, can we turn it off without any impact to application functionality? Also I would like to know what connections are you referring to in our WTD system? |
| Resolution | Your question is this --- SilverTail has SSLv2 encryption enabled or if it is used for the application? If so, can we turn it off without any impact to application functionality? Also I would like to know what connections are you referring to in our WTD system? Refer the customer to the "WTD System Management Guide" Chapter 7 on Certificate Management.starting at page 33. The whole chapter should be read, we suggest. This documenation is available in Secure Care Online. https://knowledge.rsasecurity.com/scolcms/ SSL Certificates and Key Encryption You have three options for key encryption: 1. No encryption – keys copied over to the server via the file system are not encrypted, but are available for management via the Certificate Management Interface (CMI) described below. 2. Software encryption – keys imported via the CMI are automatically encrypted (PKCS8 format). 3. Hardware encryption – keys imported via a Hardware Security Module (HSM) are encrypted as per the module. While hardware encrypted keys are visible in the CMI, you cannot manage them via that interface. Certificate Management Via the Certificate Management Interface (CMI) RSA Web Threat Detection SilverTap depends on access to web traffic in order to help detect and prevent fraud. Because most of this web traffic is encrypted, and SilverTap accesses web traffic before it is decrypted, each SilverTap installation requires access to the site’s digital certificates for decrypting in order to analyze the traffic. It is important that as much traffic as possible is decrypted so that Web Threat Detection products can be more effective by analyzing a more complete set of web transactions. The Certificate Management Interface (CMI) shows information for the digital certificates for your site. You can use it to ensure that as much of your site’s traffic is decrypted as possible. Using the CMI, you can add and delete certificates, see which certificates are expired or will be expiring soon, find out which certificates are missing, and export the information in comma separated value (CSV) format. |